Keep Your Money Secure: How to Spot Phishing Emails

Phishing emails, a portmanteau of phony fishing, is the practice of bad actors trying to scam or trick you into giving away sensitive information, like account passwords or identity numbers. Here are some best practices when opening emails at work.

This article is for educational purposes and does not constitute legal, financial, or tax advice. For specific advice applicable to your business, please contact a professional.

In 2020, 75% of worldwide organizations reported experiencing a phishing attack. The FBI Internet Crime Complaint Center has reported an average of 440,000 complaints per year over the last five years with nearly 250,000 of those complaints centered on phishing, vishing (voice phishing), smishing (SMS phishing), and pharming (a cyberattack involving malicious code and fraudulent websites) scams.

Phishing emails, a portmanteau of phony fishing, is the practice of bad actors that are trying to scam or trick you into giving away sensitive information, like account passwords or identity numbers. These emails may claim there is suspicious activity on your account, a missed payment, or a pending shutdown to your accounts. While it can be tempting to react in order to resolve the issue, take a moment to make sure this is a legitimate email.

There are a some best practices when opening emails at work:

Don’t Do
Click links within an email before verifying they are from a legitimate sender Check that the sender’s email is coming from “squareup.com.”
Share sensitive information such as your password, social security number, bank account details, or payment card details. Go directly to squareup.com or your Square Dashboard for communications with Square.
  Forward the email to spoof@squareup.com to report the incident. If the potentially fraudulent email you are receiving is not from Square or your bank, follow up with official channels by going directly to the bank’s site or emailing the company directly.

Below are three types of phishing emails you might receive and a few things you should look out for to avoid any suspicious or unauthorized activity on your account.

Transaction Phishing Email

A transaction phishing email will say that a large sum of money is coming to your business and you need to share more information in order to accept it.

Why Square wouldn’t send this email: Square will never ask you to provide sensitive information, such as username, password, social security number, full bank account details, or payment card information over email, phone, or text message. There are a few flags to look for in the email below. First, the email says “You receive 3000.47 payment” with no dollar sign and grammatical errors throughout. The graphics are broken and both the graphics and body of text are all misaligned. Some phishing attempts (like the one below) may be sloppy, but others could be more refined, so before updating financial details, ensure this email is coming from Square.

Transaction Phishing Email

Deposits Suspended Phishing Email

A deposit suspended phishing email may include a communication about your deposits being suspended. The email will ask you to relink your bank account and state that your deposits will not resume until you do so. Although Square may reach out to prompt you to relink your account in some cases, be vigilant for cues a reach out like this is indeed from Square.

Why Square wouldn’t send this email: Square will never ask you to provide sensitive information, such as your full bank account details or payment card information over email. This email directly asks for bank account details from the receiver. If you are a Square Banking customer and a small business owner that uses Square, this might be an email a scammer would send you to access your accounts.

Deposit Suspended Phishing Email

Pending Debit Phishing Email

A pending debit phishing email will alert you to a sum of money that is being withdrawn from your bank account unless you take action. As this can be alarming for business owners, many are quick to act before verifying the authenticity of the email.

Why Square wouldn’t send this email: Square will never ask you to provide sensitive information such as your username, password, or payment card information over email. A scammer might know you have an account with a bank, whether it is a Square Bank account or otherwise, so don’t be quick to click when you see any information that could be true mixed in with some red flags. Instead, check with your bank directly to make sure an unexpected withdrawal is taking place.

Pending Debit Phishing Email

If you are ever unsure about an email you’re receiving from Square or any other payments processor, bank, or business you are sharing sensitive financial information, the safest way to ensure you’re talking to a representative of the company is to go directly to the business’s website. If you are a business owner that uses Square, be sure to report any suspicious or unauthorized activity right away and forward any suspicious email to spoof@squareup.com. The Square Secure team may reach out directly if they see any unusual activity or believe you could be the victim of an account takeover. The Federal Trade Commission recommends taking the following steps if you believe you have been a victim of a phishing email.